Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4a20802e-f5fb-4abd-80f7-08b513b11102.roa
File:                     4a20802e-f5fb-4abd-80f7-08b513b11102.roa (raw, json)
Hash identifier:          B5oNVpY3+ZHoYzXdQdKm5EiWzvIJR5ShT0Vm8pIcwi4=
Subject key identifier:   2A:AB:50:C5:54:4D:6F:CB:5D:49:E1:45:89:93:F4:DB:77:4E:FA:2F
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       758056B13D0B6A1877747387B538165C88B41EC6
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4a20802e-f5fb-4abd-80f7-08b513b11102.roa
Signing time:             Fri 27 Dec 2024 00:00:00 +0000
ROA not before:           Fri 27 Dec 2024 00:00:00 +0000
ROA not after:            Fri 31 Jan 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        54.21.0.0/16 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            75:80:56:b1:3d:0b:6a:18:77:74:73:87:b5:38:16:5c:88:b4:1e:c6
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Dec 27 00:00:00 2024 GMT
            Not After : Jan 31 23:59:59 2025 GMT
        Subject: CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:97:60:cc:08:25:3d:24:ad:30:cc:fe:2f:e8:6e:
                    92:d4:1c:9a:91:a3:83:81:70:dd:98:ad:db:50:45:
                    41:d6:2e:37:33:fd:b8:c1:98:62:a2:b7:93:24:4e:
                    6b:54:8d:1a:ad:62:e5:60:94:ac:1f:e1:9a:d7:49:
                    75:3d:e7:d0:b8:0f:7b:d3:ce:c2:fa:d5:10:f6:06:
                    14:72:ad:92:13:c1:14:aa:31:2c:95:bf:3b:c2:91:
                    51:5c:f1:55:d1:3d:18:5a:28:10:38:b0:82:de:13:
                    87:34:b6:74:ac:41:81:a1:49:17:7f:50:bc:11:21:
                    40:e2:7a:5a:2d:68:be:ca:c5:c6:b9:c8:6e:64:bd:
                    c8:98:88:eb:a4:59:7f:9b:8c:09:a5:6c:45:b1:3d:
                    70:c8:94:8e:b9:f5:34:b4:b0:82:44:da:20:c2:87:
                    04:d3:18:55:90:a3:bf:8a:9b:fb:43:8d:4e:c4:97:
                    6b:14:ec:ab:ca:87:45:7f:04:db:5a:ba:46:14:b7:
                    c8:85:d7:71:ad:14:93:0c:be:b1:97:d2:71:cf:59:
                    c8:3e:4e:9c:af:bd:e0:88:d8:1f:33:4a:a4:6a:22:
                    f3:40:0b:4c:d3:d4:0c:81:0b:8d:43:5e:36:ac:2d:
                    73:61:45:e5:c7:e0:7f:17:5d:5c:da:e8:ec:ca:5b:
                    bb:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:AB:50:C5:54:4D:6F:CB:5D:49:E1:45:89:93:F4:DB:77:4E:FA:2F
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/4a20802e-f5fb-4abd-80f7-08b513b11102.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  54.21.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         76:1f:5a:dd:15:ff:6b:e6:30:d3:66:ec:e4:8b:c9:79:88:c8:
         41:87:7f:49:c1:f7:b9:82:b0:63:63:3e:83:a2:aa:a1:5e:f1:
         72:f1:4f:a0:0c:22:ec:3b:61:a1:d3:85:78:11:a6:07:b3:8d:
         fc:97:30:43:10:45:0c:56:d2:7a:96:21:87:56:d0:28:e8:59:
         5b:d6:a5:8a:0b:57:d0:a8:39:43:3d:c9:68:0d:92:1d:fe:f1:
         86:c5:96:7c:e9:94:a8:a8:9a:4a:64:f9:35:ba:34:a9:88:68:
         4a:a2:e0:0b:52:11:16:42:26:df:c8:f9:c8:c2:d6:ee:b2:0d:
         b4:b5:ac:83:3b:1c:56:47:9d:85:17:b0:60:cd:b7:8c:dd:46:
         df:9b:29:cc:9c:af:8a:77:05:fa:d3:5b:11:b4:8c:c8:6a:46:
         65:a0:a0:df:5f:41:74:da:02:c1:e5:87:f2:6a:73:20:36:40:
         e2:43:fd:15:cf:3b:24:ca:52:e9:85:8e:ee:21:fa:f6:7d:93:
         0d:28:32:3e:41:5a:40:30:8f:56:5d:50:1f:35:ac:3f:96:7a:
         63:48:02:0c:58:8e:86:73:22:2a:cc:d8:e1:a5:c3:99:40:d0:
         e6:7e:8b:83:9b:07:95:71:20:3e:be:6c:a5:aa:21:38:5a:03:
         58:6a:af:b1
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgIUdYBWsT0Lahh3dHOHtTgWXIi0HsYwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjQxMjI3MDAwMDAwWhcNMjUwMTMxMjM1OTU5
WjB6MUkwRwYDVQQFE0A3NTNjYjk2MDY0YjcxNmUwMTRiYjkwZmEzY2FmODlmYTQw
YzNhOWU3MjhhZDg1MmFmM2IzY2Q2NGQ5NjMzZDhmMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQCXYMwIJT0krTDM/i/obpLUHJqRo4OBcN2YrdtQRUHWLjcz
/bjBmGKit5MkTmtUjRqtYuVglKwf4ZrXSXU959C4D3vTzsL61RD2BhRyrZITwRSq
MSyVvzvCkVFc8VXRPRhaKBA4sILeE4c0tnSsQYGhSRd/ULwRIUDielotaL7Kxca5
yG5kvciYiOukWX+bjAmlbEWxPXDIlI659TS0sIJE2iDChwTTGFWQo7+Km/tDjU7E
l2sU7KvKh0V/BNtaukYUt8iF13GtFJMMvrGX0nHPWcg+TpyvveCI2B8zSqRqIvNA
C0zT1AyBC41DXjasLXNhReXH4H8XXVza6OzKW7uBAgMBAAGjggKwMIICrDAdBgNV
HQ4EFgQUKqtQxVRNb8tdSeFFiZP023dO+i8wHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyLzRhMjA4MDJlLWY1ZmItNGFiZC04MGY3LTA4YjUxM2IxMTEwMi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHgYIKwYBBQUHAQcBAf8EDzANMAsEAgAB
MAUDAwA2FTANBgkqhkiG9w0BAQsFAAOCAQEAdh9a3RX/a+Yw02bs5IvJeYjIQYd/
ScH3uYKwY2M+g6KqoV7xcvFPoAwi7DthodOFeBGmB7ON/JcwQxBFDFbSepYhh1bQ
KOhZW9aligtX0Kg5Qz3JaA2SHf7xhsWWfOmUqKiaSmT5Nbo0qYhoSqLgC1IRFkIm
38j5yMLW7rINtLWsgzscVkedhRewYM23jN1G35spzJyvincF+tNbEbSMyGpGZaCg
319BdNoCweWH8mpzIDZA4kP9Fc87JMpS6YWO7iH69n2TDSgyPkFaQDCPVl1QHzWs
P5Z6Y0gCDFiOhnMiKszY4aXDmUDQ5n6Lg5sHlXEgPr5spaohOFoDWGqvsQ==
-----END CERTIFICATE-----